SecSign

Description

SecSign ID – The mobile way to log into web sites

SecSign ID is a plugin for real two-factor authentication (2FA) for WordPress sites. 2FA adds another layer of security to your website by using a second token. In this case the physical token is your smartphone.
For more information about two-factor authentication, have a look at secsign.com.

Integrate SecSign ID into your own WordPress site in less than one minute.

You and your users can also use SecSign ID to securely visit other web sites (e.g. portal.secsign.com for truly professional messaging and cloud sharing).

This service is free for users and web site owners and free of advertising – no matter how many users the web site has.

You can also integrate SecSign ID as an in-house solution into your existing infrastructure (on request, with a licensed service and maintenance contract).

There are also APIs for PHP, Ruby, Perl, Python and Java as well as plugins and modules for Joomla and Drupal.
A complete overview of available plugins and APIs can be found at secsign.com/plugins/.

SecSign ID features:

Quick and easy to use single sign-on with 2048-bit high security

Eliminates password chaos and security concerns

No mobile number, credit card or time-consuming registration required

No need for long cryptic passwords, time-consuming retyping of codes from SMS or reading of QR codes

High security and strong cryptography on all levels

Technical details (only for experts):

Up to 2048-bit asymmetric private keys

Brute force resistant private key storage (SafeKey mechanism)

Private keys are never transmitted to the authentication server (the SecSign ID server)

High availability through redundant remote failover servers

Multi-tier high security architecture with multiple firewalls and protocol filters

For more detailed information about two-factor authentication (2FA) or two-step authentication, please have a look at the SecSign blog entry about 2FA.

Screenshots

This is the login form in which you enter your SecSign ID shown in the smartphone app.

The access pass is requested.

You will be shown an access pass. Tap on the matching one on your phone.

The push notification for the login request on your phone

The Touch ID authentication to get the access passes

The access passes where you have to choose the correct one to log in

If your SecSign ID is not associated with a WordPress username, you can assign the SecSign ID to an existing user.

Or you can create a new account in WordPress which is associated with your SecSign ID.

The options for the SecSign ID plugin. You can choose a service name which is shown to a user on his or her smartphone, and the assignments between a WordPress user and a SecSign ID.

The self-enrollment options: whether a user can assign his or her SecSign ID by him- or herself, and whether a user can create a new account.

Installation

Install the Plugin

Log in to WordPress as admin, go to the plugins screen and select the “Add New” submenu.

Search for “SecSign” and click “Install Now” or click on “Upload” and select the downloaded zip archive.

Activate the plugin in the “Installed Plugins” list.

Note

The SecSign ID WordPress plugin uses the SecSign ID API. The API requests a so-called access pass (a session and a pass icon) from the SecSign ID server; this access pass must be confirmed on the smartphone. For the plugin to connect to the SecSign ID server, the cURL extension for PHP (http://php.net/manual/de/book.curl.php) must be installed, and the web server on which the WordPress site is running must be able to reach the SecSign ID server at https://httpapi.secsign.com. Otherwise, you have to change your firewall and/or proxy settings.
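
A preflight check for the two requirements in the note above, as an added example that is not part of the SecSign ID plugin. It assumes it is run as a PHP command-line script on the web server; the function name `secsign_preflight`, the `HTTPS_PROXY` lookup and the rule that any HTTP status counts as "reachable" are assumptions of this example.

```php
<?php
// Added example (not SecSign code): verifies that the PHP cURL extension is
// loaded and that this host can open a verified TLS connection to the server.

const SECSIGN_API_URL = 'https://httpapi.secsign.com'; // host named on this page

// libcurl error codes mapped to the setting an admin should look at first.
const HINTS = [
    6  => 'DNS lookup failed: check the resolver configuration on the web server',
    7  => 'TCP connect failed: check outbound firewall rules for port 443',
    28 => 'Timed out: check firewall drop rules or the proxy settings',
    60 => 'Certificate verification failed: check the CA bundle or a TLS-intercepting proxy',
];

function secsign_preflight(string $url, ?string $proxy = null): array
{
    if (!extension_loaded('curl')) {
        return ['ok' => false, 'detail' => 'PHP cURL extension is not loaded'];
    }
    $ch = curl_init($url);
    $options = [
        CURLOPT_NOBODY         => true,  // probe only, no response body needed
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_SSL_VERIFYPEER => true,  // keep certificate checks on while diagnosing
        CURLOPT_SSL_VERIFYHOST => 2,
    ];
    if ($proxy !== null && $proxy !== '') {
        $options[CURLOPT_PROXY] = $proxy; // assumption: proxy URL taken from HTTPS_PROXY
    }
    curl_setopt_array($ch, $options);
    curl_exec($ch);
    $errno = curl_errno($ch);
    if ($errno !== 0) {
        $hint = HINTS[$errno] ?? 'see the cURL error text';
        return ['ok' => false, 'detail' => "cURL error $errno (" . curl_error($ch) . "): $hint"];
    }
    // Assumption: any HTTP status proves reachability; the API itself is not exercised.
    $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
    return ['ok' => true, 'detail' => "TLS connection verified, HTTP status $status"];
}

$result = secsign_preflight(SECSIGN_API_URL, getenv('HTTPS_PROXY') ?: null);
fwrite(STDOUT, sprintf("[%s] %s\n", $result['ok'] ? 'OK' : 'FAIL', $result['detail']));
exit($result['ok'] ? 0 : 1);
```

The command-line PHP and the web server's PHP can load different php.ini files, so also confirm that the cURL extension is enabled in the configuration the web server uses.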

Add the Login Widget

You can add the SecSign ID login widget to your site to allow login from, for example, the side menu.

General Configuration

Go to the “Settings” screen and select the “SecSign ID Login” submenu.

Change the service address which will be shown to the user in the smartphone app. This should match the URL the users will see when visiting your site.

Co-worker Configuration

You can integrate the SecSign ID login on the wp-login.php page. This is done by default.

Optionally, you can assign SecSign IDs to the WordPress accounts of your co-workers (admins, editors, authors and contributors). The users themselves can also assign a SecSign ID in their profile.

You can also deactivate the normal password-based login for the users, so they can only log in using the SecSign ID. It’s recommended that you deactivate the password login for all co-workers, so your site is secured against brute force attacks. You should only allow the password-based login for your own admin account, in case you lose your phone, and of course for all co-workers without smartphones. These accounts should be secured using a very strong password.

User Configuration

Optionally, you can assign SecSign IDs to the WordPress accounts of your website users (subscribers). The users themselves can also assign a SecSign ID in their profile.

It’s also possible to activate and deactivate the password-based login for your users.

Fast Registration

To avoid having to create new user accounts yourself, you can allow your co-workers or web site users to create user accounts themselves by logging in with their SecSign ID via wp-login.php or the login widget. You can allow them to create a new WordPress user or assign an existing one. After they have created a WordPress account, you can assign WordPress roles to your co-workers via the user administration.

Tutorial

See https://www.secsign.com/wordpress-tutorial/

FAQ

How can users assign a SecSign ID to their WordPress account?

You can just sign in with your SecSign ID. You will then be shown a dialog, where you can create a new user or assign your SecSign ID to an existing WordPress user.

Alternatively, you can go to your profile page to assign a SecSign ID.

Is this service for free?

Yes, it’s free for the user and the WordPress admin – no matter how many users the site has. It’s also free of advertising.

How to restore your SecSign ID on a new smartphone?

In the event that you lose your phone or want to switch to a new one, you should write down the restoration code for your SecSign ID. You can find the code in the app: Click on Edit on the main screen, select your SecSign ID and click on Restoration settings.

You can restore your ID on a new phone by going to More -> Restore Identity.

I enabled the SecSign ID Plugin and locked myself out

Do the following steps in order to disable the SecSign ID WordPress login:

Open your WordPress directory via (S)FTP and rename the folder wp-content/plugins/secsign to secsign1.

Reload the backend login page and log in with your WordPress username and password.

Important: Immediately rename the folder back to secsign.

The SecSign ID WordPress Plugin is now deactivated. Click on “Plugins” in the main menu, look for “SecSign” and activate it.

Adjust options in the SecSign ID settings.

Reviews

Hi.
1) Do site members get an option as to whether they want to use this 2 step authentication or are they forced to once it’s active in admin?
2) Does it work for multisite setup from super-admin or has to be set up from each sub-site?